Abstract
Verifying the correctness of a system as a whole requires establishing that it satisfies a global specification. When it does not, it would be helpful to determine which modules are incorrect. As a consequence, specification decomposition is a relevant problem from both a theoretical and practical point of view. Until now, specification decomposition has been independently addressed by the control theory and verification communities through natural projection and partial model checking, respectively. We prove that natural projection reduces to partial model checking and, when cast in a common setting, the two are equivalent. Apart from their foundational interest, our results build a bridge whereby the control theory community can reuse algorithms and results developed by the verification community. Furthermore, we extend the notions of natural projection and partial model checking from finite-state to symbolic transition systems and we show that the equivalence still holds. Symbolic transition systems are more expressive than traditional finite-state transition systems, as they can model large systems, whose behavior depends on the data handled, and not only on the control flow. Finally, we present an algorithm for the partial model checking of both kinds of systems that can be used as an alternative to natural projection.
Highlights
System verification requires comparing a system’s behavior against a specification
Our work provides results that build a bridge between supervisory control theory and formal verification
We have formally established the relationship between partial model checking and natural projection by reducing natural projection to partial model checking and proving their equivalence under common assumptions
Summary
System verification requires comparing a system’s behavior against a specification. When the system is built from several components, we can distinguish between local and global specifications. Natural projection is often applied component-wise to solve the controller synthesis problem, i.e., for synthesizing local controllers from a global specification of an asynchronous discrete-event system [11]. We address the first remark about a formal bridge by showing that, under reasonable assumptions, natural projection reduces to partial model checking and, when cast in a common setting, they are equivalent To this end, we start by defining a common theoretical framework for both. We propose a new algorithm for partial model checking that operates directly on Labeled Transition Systems (LTS), rather than on the μ-calculus. Extends the statement of Theorem 3.2 to the s-LTSs, i.e., that establishes the correspondence between partial model checking and natural projection for s-LTSs. we define a new algorithm for symbolic partial model checking directly on s-LTSs, and we prove it correct with respect to the symbolic quotienting operator. All the additional material about (i) implementation of the algorithms, (ii) tool usage and (iii) replication of the experiments is available at https:// github.com/gabriele-costa/pests
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
